Inspiration and What it does

Sentinel AI started with a conversation at In-N-Out. We got talking to an older gentleman who'd spent decades in IT security before landing there. He started venting about the hours he used to lose reading through logs after a breach, sitting alone at a terminal at 2 am, manually reconstructing an attack that had already been over for days. We looked at the numbers, and it was crazy: 277 days average to detect a breach and $4.88M average cost. The deeper issue is that current security AI doesn't actually solve this but leaves interpretation to humans, and single-model AI summarizers produce confident-sounding reports with no internal validation. Nobody should have to do this alone at 2 am, and no single model should be trusted to get it right unsupervised.

How we built it and Challenges we ran into

Sentinel AI is a multi-agent security investigation platform built to simulate a real AWS attack chain, including credential theft, privilege escalation, and S3 data exfiltration. Instead of relying on one AI model to do everything, we split the investigation into six specialized agents that each handle a different part of the process. The Detective traces the attacker’s path through the system. The Forensics agent figures out what data was accessed or stolen. Remediation suggests fixes and security improvements. The Validator checks findings against the raw logs to make sure the investigation stays grounded in actual evidence. The Reporter then puts everything together into a structured incident report with severity scoring, blast radius analysis, and an executive summary. We also built a Meta Security agent that monitors the other agents for hallucinations, bad outputs, and prompt injection attempts before results are shown to the user, which is something a lot of security AI systems overlook. The entire investigation pipeline runs in under four minutes through a live dashboard built with Next.js, Supabase, OpenClaw, and NVIDIA Nemotron. Everything is containerized with Docker and deployed on NVIDIA Brev.
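To illustrate the Validator's grounding step, here is an added example (not Sentinel AI's own code) of how agent findings can be checked against raw CloudTrail-style records: a finding is only passed on if at least one log record matches every field it claims. The log records, the findings, and the claim field names are constructed for this example and are not taken from the project.

```python
import json
from typing import Dict, List

# Constructed CloudTrail-style records (NDJSON, not real data) for the three simulated stages.
RAW_LOG = "\n".join(json.dumps(r) for r in [
    {"eventTime": "2024-05-01T02:03:11Z", "eventName": "GetSessionToken",
     "userIdentity": {"userName": "dev-user"}},
    {"eventTime": "2024-05-01T02:05:40Z", "eventName": "AttachUserPolicy",
     "userIdentity": {"userName": "dev-user"},
     "requestParameters": {"policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-05-01T02:09:02Z", "eventName": "GetObject",
     "userIdentity": {"userName": "dev-user"}, "requestParameters": {"bucketName": "customer-exports"}},
])

# Constructed findings as another agent might emit them; the last is a hallucination (no DeleteBucket in the log).
AGENT_FINDINGS = [
    {"agent": "Detective", "claim": {"eventName": "GetSessionToken", "userName": "dev-user"}},
    {"agent": "Detective", "claim": {"eventName": "AttachUserPolicy",
                                     "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"agent": "Forensics", "claim": {"eventName": "GetObject", "bucketName": "customer-exports"}},
    {"agent": "Forensics", "claim": {"eventName": "DeleteBucket", "bucketName": "customer-exports"}},
]

def load_events(raw: str) -> List[Dict]:
    """Parse newline-delimited JSON, skipping malformed lines instead of failing."""
    events = []
    for line in raw.splitlines():
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a corrupt line should not abort the whole investigation
    return events

def supports(event: Dict, claim: Dict) -> bool:
    """A raw event supports a claim only if every claimed field matches it."""
    def lookup(key):  # resolve a claim field to where CloudTrail stores it
        if key == "userName":
            return event.get("userIdentity", {}).get("userName")
        if key in ("bucketName", "policyArn"):
            return event.get("requestParameters", {}).get(key)
        return event.get(key)
    return all(lookup(k) == v for k, v in claim.items())

def validate_findings(findings: List[Dict], raw: str) -> Dict[str, List[Dict]]:
    """Split findings into evidence-backed and unsupported; only grounded ones should reach the report."""
    events = load_events(raw)
    result = {"grounded": [], "unsupported": []}
    for finding in findings:
        grounded = any(supports(e, finding["claim"]) for e in events)
        result["grounded" if grounded else "unsupported"].append(finding)
    return result
```

Unsupported findings are what the Validator would send back to the originating agent or surface to the Meta Security agent rather than letting them reach the Reporter.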

What we learned and What's next for Sentinel-AI

One of the biggest things we learned is that security AI is way more than just good prompting. Having one model summarize logs is pretty straightforward, but building a system where multiple agents check each other’s work and produce a reliable report is much harder. A lot of the challenge came from handling how information moves between agents and making sure mistakes don’t quietly spread through the system. We also ran into deployment issues that taught us a lot about debugging real AI systems. At one point, container environment variable mismatches looked like model failures, when the actual problem had nothing to do with the AI itself. That made us realize reliability in real-world conditions matters just as much as model performance. Next, we want to connect Sentinel AI to live CloudTrail streams so it can analyze real infrastructure activity instead of simulations. Long term, we want it to become a continuous monitoring system that can help catch security threats while they’re happening instead of only analyzing them afterward.
